US20150310192A1 - Method for protecting a computer program product, computer program product and computer-readable storage medium - Google Patents


Info

Publication number
US20150310192A1
Authority
US
United States
Legal status
Granted
Application number
US14/411,086
Other versions
US10268807B2 (en)
Inventor
Jörg Bartholdt
Sebastian Dippl
Current Assignee
Siemens AG
Original Assignee
Siemens AG

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/107 License processing; Key processing
    • G06F21/1078 Logging; Metering
    • G06F2221/0775

Definitions

  • A method in accordance with the present teachings may also be carried out using a computer program product 1 as a module of a further computer program product.
  • The computer program product 1 may be used to monitor and control the execution of the further computer program product.
  • A license key for the computer program product 1 may be queried when a move of the operating environment 2, 3 is recognized.
  • The license key facilitates reactivation of the computer program product.
  • The operating environment of a computer program product may change. Therefore, in accordance with the present teachings, the operating parameters 15-1-15-5 of the operating environment 2, 3 may be selected such that a change in the operating parameters 15-1-15-5 reliably indicates whether or not the computer program product 1 is executed in that operating environment 2, 3 in which the computer program product 1 was originally installed.
  • The recognition accuracy may be modified by changing the number of operating parameters 15-1-15-5 used and by changing the predefined threshold value.
  • The operating parameters 15-1-15-5 defined outside an operating environment 2, 3 may be different operating parameters 15-1-15-5 that may be recorded using, for example, network interfaces.
  • Operating parameters include the following: a subnet mask; predefined addresses of predefined systems (e.g., printers or the like) in the data network 4; a DNS server address; an address of a standard gateway; reachable neighboring systems 5, 6 in the data network 4; reachable SNMP devices; at least part of a network route to known Internet servers 7; a data transmission time to known Internet servers 7; and source addresses of ARP requests.
  • Comparison values and/or ranges of values and/or Boolean values defined for comparing S2 the respective operating parameters 15-1-15-5 may be predefined for the multiplicity of operating parameters 15-1-15-5.
  • Comparison values defined for network addresses may be stored.
  • For the data transmission time, a range of values may be stored, since the data transmission time is also dependent on the instantaneous load situation of the data network 4 and the load situation of the Internet or the called Internet server 7.
  • Tolerance ranges, thresholds, or variances may also be stated for changes in individual operating parameters 15-1-15-5.
  • The threshold value may be set based on the desired recognition rate. A trade-off is made between how quickly a move is to be recognized and how often false recognitions may be tolerated.
  • A weighting is allocated to each of the operating parameters 15-1-15-5.
  • The number of comparisons is calculated using a weighted sum based on the respectively allocated weighting, thereby facilitating adaptation of the method to different boundary conditions.
  • FIG. 2 shows two tables with examples of network routes to the wikipedia.de server in accordance with the present teachings.
  • The tables were recorded using the “traceroute” program, which records and outputs the route from the executing computer to the target system.
  • The table entries 2, 3 and 4 in the two tables are not identical.
  • Different computer systems forward the request until the request continues on a common route at entry 5 (upper table) and entry 4 (lower table).
  • Differences in the first systems according to the subnetwork 4 in which the operating environment 2, 3 of the computer program product 1 is arranged indicate a move of the operating environment 2, 3.
  • FIG. 3 shows a schematic illustration of an example of a plurality of operating parameters 15-1-15-5 in accordance with the present teachings.
  • The operating parameter 15-1 is the ping time to a Google server.
  • The operating parameter 15-2 is the number of matches during a traceroute run.
  • The operating parameter 15-3 is a comparison of the executing system's own IP address.
  • The operating parameter 15-4 is a source address of ARP requests.
  • The operating parameter 15-5 is the number of neighboring systems in the data network 4 that may be reached by UDP protocol at certain port numbers.
  • A range of between 90 ms and 180 ms is specified for the operating parameter 15-1. Therefore, if a ping time to a Google server is between 90 ms and 180 ms, a move is not assumed.
  • A range of between 5 and 7 is specified for the operating parameter 15-2. Therefore, if the number of matches during a traceroute run is below 5, a move is assumed.
  • A comparison is carried out for the operating parameters 15-3 and 15-4 to determine whether the operating parameters 15-3 and 15-4 correspond to the stored values.
  • A range of between 2 and 4 is specified for the operating parameter 15-5.
  • A different number of operating parameters 15-1-15-5 may be included in the set of operating parameters 15-1-15-5.
  • Different comparison values, ranges, or the like may be specified.
  • FIG. 4 shows a block diagram of an example of an operating environment 2, 3 of an exemplary computer program product 1 in accordance with the present teachings.
  • FIG. 4 shows an example of an operating environment 2 having a network interface 8 that may be, for example, a computer server.
  • A virtual operating environment 3 having a virtual network interface 9 is shown inside the operating environment 2.
  • The virtual operating environment 3 may be, for example, a virtual PC that is executed as a computer program on the server 2.
  • The computer program product 1 in accordance with the present teachings is installed in the virtual PC 3.
  • The computer program product is designed to communicate via the virtual network interface 9 that is coupled to the actual network interface 8 of the computer server 2.
  • The actual network interface 8 is coupled to a data network 4 having an additional first computer system 5 and a second computer system 6 that are coupled to the data network 4.
  • The data network 4 is also coupled to a standard gateway 10 that is configured to couple the data network 4 to the Internet 11.
  • An Internet server 7 (e.g., the wikipedia.de server) is coupled to the Internet.
  • The additional first computer system 5 and the second computer system 6 may be recognized and stored, for example.
  • The address of the standard gateway 10 may also be stored.
  • The route and the ping time to the wikipedia.de server 7 may be stored.

Abstract

A method for protecting a computer program product, the computer program product being configured for operation in an operating environment (e.g., a virtual operating environment), includes: detecting at least one operating parameter of the operating environment in which the computer program product is executed, the at least one operating parameter having been defined outside of the operating environment; comparing the detected at least one operating parameter to a comparison value stored for each operating parameter; and outputting a warning signal if a plurality of comparison results exceeds a predetermined threshold value, wherein the comparison results indicate an execution of the computer program product in a different operating environment.

Description

  • RELATED APPLICATIONS
  • This application is the National Stage of International Application No. PCT/EP2013/059213, filed May 3, 2013, which claims the benefit of German Patent Application No. DE 102012210747.9, filed Jun. 25, 2012. The entire contents of both documents are hereby incorporated herein by reference.
  • TECHNICAL FIELD
  • The present teachings relate generally to a method for protecting a computer program product, a computer program product, and a computer-readable storage medium.
  • BACKGROUND
  • Software manufacturers lose large amounts of money every year due to the illegal use of unlicensed software. Therefore, the protection of computer programs from unauthorized use is important in software development.
  • Conventional methods for protecting computer programs from unauthorized use provide, for example, a hardware apparatus (e.g., a dongle) that is used to protect a computer program from unauthorized execution. For example, the dongle may be a memory that stores a license key. This license key may then be read from the memory by the respective computer program (e.g., during starting of the computer program) and may be checked.
  • A dongle may be designed to carry out cryptographic functions. For example, a dongle may carry out a “challenge-response” method in combination with a respective computer program.
  • However, the use of a dongle involves dongle hardware and access to a connection of the respective computer.
  • Protection methods implemented in software may also be used to protect computer programs. Such methods may be based on monitoring characteristic data relating to the computer system on which the respective computer program is executed.
  • For example, during installation, a computer program may store the identifier of the processor (e.g., the CPU ID) of the computer on which the computer program is installed. During each system start, the computer program may then check whether the processor of the computer on which the computer program is executed is the processor identified by the computer program during installation. Additional characteristic data relating to the computer that facilitate identification may also be used.
  • However, the use of characteristic data relating to the computer system on which a computer program is executed is problematic when the computer program is executed in a “virtual machine” (e.g., a virtual computer system). The virtual machine may allow the characteristic data to be manipulated or feigned. Furthermore, an image of a virtual machine may be readily copied after the computer program has been installed.
  • SUMMARY AND DESCRIPTION
  • The scope of the present invention is defined solely by the appended claims, and is not affected to any degree by the statements within this summary.
  • The present embodiments may obviate one or more of the drawbacks or limitations in the related art. For example, in some embodiments, improved protection of computer program products is provided.
  • A method for protecting a computer program product operated in a virtual operating environment is provided that includes the following acts: recording at least one operating parameter for the operating environment in which the computer program product is executed, the operating parameter being defined outside the operating environment; comparing the recorded operating parameters with a comparison value stored for the respective operating parameter; and outputting a warning signal if a number of comparison results exceeds a predefined threshold value, the comparison results indicating an execution of the computer program product in an operating environment other than that in which the comparison values were recorded.
  • A computer program product is provided that includes computer instructions for carrying out a method in accordance with the present teachings.
  • A computer-readable storage medium includes a computer program product in accordance with the present teachings.
  • Because the operating parameters of an operating environment may be manipulated with the aid of virtual operating environments, the present teachings provide a method for recognizing whether a computer program product is operated in the operating environment in which the computer program product was originally installed.
  • At least one operating parameter that is defined outside the operating environment is recorded. The recorded operating parameters are compared with comparison values recorded for the respective operating parameters.
  • The comparison values may be recorded and stored, for example, when the computer program product is installed inside the respective operating environment.
  • For each operating parameter, the comparison with the stored comparison value indicates whether the computer program product is operated in the operating environment in which the comparison values were recorded, or whether it is operated in an operating environment that is different from the one in which the comparison values were recorded.
  • A warning signal is output if the number of comparisons indicating operation in a different operating environment exceeds a threshold value.
  • Thus, the operation of a computer program product may be monitored even when the computer program product is operated in a virtualized operating environment.
  • In some embodiments, the at least one operating parameter defined outside an operating environment includes a subnet mask and/or predefined addresses of predefined systems of a data network coupled to the operating environment. The subnet mask may be a fixed variable in a data network. A change in the subnet mask may indicate a potential move of the computer program product to a new operating environment.
  • In some embodiments, the at least one operating parameter defined outside an operating environment includes a DNS server address. Like the subnet mask in a data network, the address of the DNS server may be constant and, therefore, may effectively contribute to recognizing a move of the computer program product.
  • In some embodiments, the at least one operating parameter defined outside an operating environment includes neighboring systems that may be reached by the computer program product in the data network. Permanently installed computer systems may be used in data networks belonging, for example, to companies. A change in the neighboring systems that may be reached by the computer program may likewise indicate a move of the computer program product to another operating environment.
  • In some embodiments, the at least one operating parameter defined outside an operating environment includes SNMP devices that may be reached by the computer program product. A change in the SNMP devices that may be reached by the computer program likewise indicates a move of the computer program product to another operating environment.
  • In some embodiments, the at least one operating parameter defined outside an operating environment includes at least part of a network route to known Internet servers. If a computer program transmits a request to an Internet server, the request may run through an internal network belonging to a company or to an Internet provider until the request is fed into the actual Internet. Therefore, a change in at least the internal part of the network route may indicate a move of the computer program to a new operating environment.
  • In some embodiments, the at least one operating parameter defined outside an operating environment includes a data transmission time (e.g., PING time) to known Internet servers. Although the data transmission time is not a constant, the data transmission time may change within a certain fluctuation range in the event of a request to a known server. Therefore, a drastic deviation of the data transmission time from a known value for the data transmission time may indicate a move of the computer program product to a new operating environment.
  • In some embodiments, the respective operating parameter is compared with a defined comparison value and/or with a range of values and/or with a Boolean value during comparison. This comparison may provide suitable options for each operating parameter. For example, addresses such as the subnet mask or the address of the DNS server may be compared with a stored address value. When comparing the data transmission time, a check may be carried out, for example, to determine whether the data transmission time is in a data transmission time range. The data transmission time range may be formed, for example, from the corresponding past data transmission times.
  • In some embodiments, each of the operating parameters is allocated a weighting, and the number of comparisons is calculated using a weighted sum calculated based on the allocated weighting. As a result, a higher priority may be allocated to certain parameters when determining a move.
  • In some embodiments, the starting of the computer program product may be prevented in addition to outputting the warning signal, thereby providing effective copy protection.
  • In some embodiments, a license key may be queried in addition to outputting the warning signal. Despite the recognition of a move of the computer program product, the computer program product may be reactivated.
  • In some embodiments, the computer program product is in the form of a library and/or a program module of a further computer program product. For example, the computer program product may be integrated in further computer program products as a copy protection mechanism. In some embodiments, a computer program product in accordance with the present teachings may prevent the execution of the further computer program products.
  • The above refinements and developments may be combined in any desired manner. Additional refinements, developments, and implementations of the present teachings include combinations of features described herein with respect to exemplary embodiments although the combinations themselves may not be explicitly described.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 shows a flowchart of an example of a method in accordance with the present teachings.
  • FIG. 2 shows two tables with examples of network routes to the wikipedia.de server.
  • FIG. 3 shows a schematic illustration of an example of a plurality of operating parameters.
  • FIG. 4 shows a block diagram of an example of an operating environment of an exemplary computer program product in accordance with the present teachings.
  • In the drawing figures, identical or functionally identical elements and apparatuses have been provided with the same reference symbols unless otherwise indicated.
  • DETAILED DESCRIPTION
  • FIG. 1 shows a flowchart of an example of a method in accordance with the present teachings.
  • In a first act S1, at least one operating parameter 15-1-15-5 that is defined outside an operating environment 2, 3 is recorded for the operating environment 2, 3 in which the computer program product 1 is executed.
  • In a second act S2, the recorded operating parameters 15-1-15-5 are compared with a comparison value stored for the respective operating parameter 15-1-15-5. The stored comparison values are the values that were recorded and stored in the operating environment 2, 3 in which the computer program product 1 was originally installed or for which the computer program product 1 was originally licensed.
  • In a third act S3, a warning signal 17 is output if a number of comparison results indicating execution of the computer program product 1 in another operating environment 2, 3 exceeds a predefined threshold value. In some embodiments, the execution of the computer program product 1 may also be prevented. As used herein, execution in another operating environment 2, 3 refers to the execution of the computer program product 1 in an operating environment 2, 3 in which the computer program product 1 was not originally installed and/or for which the comparison values were not stored.
  • A method in accordance with the present teachings may also be carried out using a computer program product 1 as a module of a further computer program product. The computer program product 1 may be used to monitor and control the execution of the further computer program product.
  • In some embodiments, a license key for the computer program product 1 may be queried when a move of the operating environment 2, 3 is recognized. The license key facilitates reactivation of the computer program product.
  • In computer-based operating environments (e.g., data networks and computing centers), the operating environment of a computer program product may change. Therefore, in accordance with the present teachings, the operating parameters 15-1-15-5 of the operating environment 2, 3 may be selected such that a change in the operating parameters 15-1-15-5 reliably indicates whether or not the computer program product 1 is executed in that operating environment 2, 3 in which the computer program product 1 was originally installed. The recognition accuracy may be modified by changing the number of operating parameters 15-1-15-5 used and by changing the predefined threshold value.
  • The operating parameters 15-1-15-5 defined outside an operating environment 2, 3 may be different operating parameters 15-1-15-5 that may be recorded using, for example, network interfaces.
  • Operating parameters that may be used include the following: a subnet mask; predefined addresses of predefined systems (e.g., printers or the like) in the data network 4; a DNS server address; an address of a standard gateway; reachable neighboring systems 5, 6 in the data network 4; reachable SNMP devices; at least part of a network route to known Internet servers 7; a data transmission time to known Internet servers 7; and source addresses of ARP requests.
  • Comparison values and/or ranges of values and/or Boolean values defined for comparing S2 the respective operating parameters 15-1-15-5 may be predefined for the multiplicity of operating parameters 15-1-15-5.
  • For example, comparison values defined for network addresses may be stored. For a data transmission time, a range of values may be stored since the data transmission time is also dependent on the instantaneous load situation of the data network 4 and the load situation of the Internet or the called Internet server 7. In some embodiments, tolerance ranges, thresholds, or variances may also be stated for changes in individual operating parameters 15-1-15-5.
  • The threshold value may be set based on the desired recognition rate. A low threshold value recognizes a move after only a few deviating parameters, and therefore quickly, but also produces more false recognitions (e.g., when a parameter such as the data transmission time deviates only temporarily); a high threshold value tolerates such deviations but recognizes a move later. The trade-off is therefore between how quickly a move is to be recognized and how often false recognitions may be tolerated.
  • In some embodiments, a weighting is allocated to each of the operating parameters 15-1-15-5. The number of comparison results is then calculated as a weighted sum based on the respectively allocated weighting, thereby facilitating adaptation of the method to different boundary conditions.
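The following Python is an added example, not code from the patent, showing acts S1 to S3 together with the refinements described above in working form: each stored comparison value is an exact value, a range, or a Boolean; each parameter carries a weighting; and the warning signal is raised when the weighted sum of mismatching comparisons exceeds the threshold. The parameter names, weights, addresses, ranges and the two recorded snapshots are constructed for illustration and are not taken from the patent.

```python
"""Acts S1-S3 with value, range and Boolean comparisons and a weighted sum.

Added example; not the patent's code. All parameter names, weights,
addresses, ranges and the two recorded snapshots are constructed."""
from dataclasses import dataclass
from typing import Any, Dict, List, Sequence, Tuple


@dataclass(frozen=True)
class ParameterSpec:
    """One stored comparison value for an operating parameter."""
    name: str
    kind: str            # "value" (exact match), "range" ((lo, hi)) or "bool"
    expected: Any
    weight: float = 1.0  # higher weight = higher priority in the decision


def mismatch(spec: ParameterSpec, observed: Any) -> bool:
    """Act S2 for one parameter: True if the observation points to a
    different operating environment. A parameter that could not be
    recorded at all (None) counts as a mismatch."""
    if observed is None:
        return True
    if spec.kind == "value":
        return observed != spec.expected
    if spec.kind == "range":
        lo, hi = spec.expected
        return not (lo <= observed <= hi)
    if spec.kind == "bool":
        return bool(observed) != spec.expected
    raise ValueError(f"unknown comparison kind {spec.kind!r}")


def weighted_mismatches(specs: Sequence[ParameterSpec],
                        observed: Dict[str, Any]) -> Tuple[float, List[str]]:
    """Weighted sum of the comparison results that indicate a move, together
    with the names of the parameters that mismatched."""
    score, failed = 0.0, []
    for spec in specs:
        if mismatch(spec, observed.get(spec.name)):
            score += spec.weight
            failed.append(spec.name)
    return score, failed


def check_environment(specs: Sequence[ParameterSpec], observed: Dict[str, Any],
                      threshold: float) -> Dict[str, Any]:
    """Act S3: the warning signal is set when the weighted number of
    mismatching comparisons exceeds the predefined threshold."""
    score, failed = weighted_mismatches(specs, observed)
    return {"score": score, "mismatches": failed, "warning": score > threshold}


# Comparison values stored in the environment where the product was first
# installed (constructed; addresses are from the RFC 5737 documentation ranges).
REFERENCE = [
    ParameterSpec("subnet_mask", "value", "255.255.255.0", weight=1.0),
    ParameterSpec("dns_server", "value", "192.0.2.53", weight=2.0),
    ParameterSpec("default_gateway", "value", "192.0.2.1", weight=2.0),
    ParameterSpec("ping_ms", "range", (90, 180), weight=0.5),
    ParameterSpec("traceroute_matches", "range", (5, 7), weight=1.0),
    ParameterSpec("reachable_neighbors", "range", (2, 4), weight=1.0),
    ParameterSpec("printer_reachable", "bool", True, weight=0.5),
]
THRESHOLD = 2.0  # lower: a move is recognized sooner, with more false recognitions

# Act S1 output recorded later in the original environment, during a period
# of high network load (constructed).
SAME_ENV = {"subnet_mask": "255.255.255.0", "dns_server": "192.0.2.53",
            "default_gateway": "192.0.2.1", "ping_ms": 210,
            "traceroute_matches": 6, "reachable_neighbors": 3,
            "printer_reachable": True}

# Act S1 output after the virtual PC was copied into another network
# (constructed).
MOVED_ENV = {"subnet_mask": "255.255.255.0", "dns_server": "198.51.100.2",
             "default_gateway": "198.51.100.1", "ping_ms": 45,
             "traceroute_matches": 2, "reachable_neighbors": 0,
             "printer_reachable": False}


if __name__ == "__main__":
    for label, snapshot in (("original environment", SAME_ENV),
                            ("other environment", MOVED_ENV)):
        print(label, check_environment(REFERENCE, snapshot, THRESHOLD))
```

The snapshot from the original environment fails only the ping-time check, and its low weight keeps the score below the threshold; the snapshot from the other network fails the DNS, gateway, route, neighbour and printer checks, and the weights on the two address parameters alone already exceed it. Raising the threshold or lowering a weight is the knob the text describes: more transient deviations are tolerated at the cost of recognizing a move later.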
  • FIG. 2 shows two tables with examples of network routes to the wikipedia.de server in accordance with the present teachings. The tables were recorded using the “traceroute” program that records and outputs the route from the executing computer to the target system.
  • As shown in FIG. 2, the table entries 2, 3 and 4 of the two tables are not identical. Within the private network and the subnetwork in which the operating environment 2, 3 of the computer program product 1 is arranged, different computer systems forward the request, until the request continues on a common route from entry 5 (upper table) and entry 4 (lower table) onward.
  • Differences in the first systems of the route, which depend on the subnetwork 4 in which the operating environment 2, 3 of the computer program product 1 is arranged, therefore indicate a move of the operating environment 2, 3.
  • FIG. 3 shows a schematic illustration of an example of a plurality of operating parameters 15-1-15-5 in accordance with the present teachings.
  • The operating parameter 15-1 is the ping time to a Google server. The operating parameter 15-2 is the number of matches during a traceroute run. The operating parameter 15-3 is the IP address of the operating environment 2, 3 itself. The operating parameter 15-4 is a source address of ARP requests. The operating parameter 15-5 is the number of neighboring systems in the data network 4 that may be reached by UDP protocol at certain port numbers.
  • A range of between 90 ms and 180 ms is specified for the operating parameter 15-1. Therefore, if the ping time to a Google server lies between 90 ms and 180 ms, a move is not assumed.
  • A range of between 5 and 7 is specified for the operating parameter 15-2. Therefore, if the number of matches during a traceroute run lies outside this range (e.g., below 5), a move is assumed.
  • A comparison is carried out for the operating parameters 15-3 and 15-4 to determine whether the operating parameters 15-3 and 15-4 correspond to the stored values.
  • A range of between 2 and 4 is specified for the operating parameter 15-5.
  • In other embodiments, a different number of operating parameters 15-1-15-5 may be included in the set of operating parameters 15-1-15-5. In addition, different comparison values, ranges, or the like may be specified.
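As an added example for parameters 15-1 and 15-2 (not the patent's code), the following Python derives both values from raw measurements: it parses Unix-style traceroute output into a hop list, counts how many hops of the stored reference route reappear in a new run, and forms a ping-time range from past samples. The traceroute texts, addresses and ping samples are constructed to resemble FIG. 2 (the first hops differ, then the routes share a common path). How matches are counted and how the range is formed are assumptions: the patent states only that the range is formed from earlier data transmission times.

```python
"""Parameters 15-1 (ping-time range) and 15-2 (traceroute matches) derived
from raw measurements. Added example; not the patent's code. Traceroute
texts, addresses and ping samples are constructed; the match-counting rule
and the range formula are assumptions."""
import re
import statistics
from typing import List, Optional, Sequence, Tuple

# Unix traceroute hop line: "<n>  [host] (<ip>)  t ms ..." or "<n>  <ip>  t ms".
_HOP = re.compile(r"^\s*(\d+)\s+(?:\S+\s+)?\(?(\d{1,3}(?:\.\d{1,3}){3})\)?")
_TIMEOUT = re.compile(r"^\s*\d+\s+\*")


def parse_traceroute(text: str) -> List[Optional[str]]:
    """Hop addresses in order; None where traceroute printed only '* * *'."""
    hops: List[Optional[str]] = []
    for line in text.splitlines():
        m = _HOP.match(line)
        if m:
            hops.append(m.group(2))
        elif _TIMEOUT.match(line):
            hops.append(None)
    return hops


def route_matches(reference: Sequence[Optional[str]],
                  current: Sequence[Optional[str]]) -> int:
    """Parameter 15-2: how many hops of the stored reference route reappear
    in the current run. Membership rather than position is counted so that
    the offset seen in FIG. 2 (common path from entry 5 in one table and
    entry 4 in the other) does not zero the count. Assumption: the patent
    does not define how matches are counted."""
    known = {h for h in reference if h is not None}
    return sum(1 for h in current if h is not None and h in known)


def ping_range(samples_ms: Sequence[float], k: float = 2.0) -> Tuple[float, float]:
    """Parameter 15-1: tolerance range formed from past data transmission
    times as mean +/- k population standard deviations, floored at 0 ms.
    Assumption: the patent only says the range is formed from past times."""
    mean = statistics.fmean(samples_ms)
    spread = k * statistics.pstdev(samples_ms)
    return max(0.0, mean - spread), mean + spread


def in_range(value: float, bounds: Tuple[float, float]) -> bool:
    """Range comparison used for parameters 15-1, 15-2 and 15-5."""
    lo, hi = bounds
    return lo <= value <= hi


# Route recorded at installation (constructed, RFC 5737 addresses).
REFERENCE_TRACE = """\
traceroute to target.example (203.0.113.200), 30 hops max, 60 byte packets
 1  gw.office.example (192.0.2.1)  0.5 ms  0.4 ms  0.4 ms
 2  10.10.0.1 (10.10.0.1)  1.1 ms  1.0 ms  1.0 ms
 3  10.10.255.1 (10.10.255.1)  2.3 ms  2.2 ms  2.1 ms
 4  203.0.113.9 (203.0.113.9)  8.7 ms  8.5 ms  8.6 ms
 5  203.0.113.65 (203.0.113.65)  12.0 ms  11.9 ms  12.1 ms
 6  * * *
 7  203.0.113.130 (203.0.113.130)  18.2 ms  18.0 ms  18.1 ms
 8  203.0.113.200 (203.0.113.200)  19.0 ms  18.8 ms  18.9 ms
"""
# Later run from the same network; the provider replaced one upstream router.
SAME_NETWORK_TRACE = """\
 1  gw.office.example (192.0.2.1)  0.5 ms  0.5 ms  0.4 ms
 2  10.10.0.1 (10.10.0.1)  1.2 ms  1.0 ms  1.1 ms
 3  10.10.255.1 (10.10.255.1)  2.4 ms  2.2 ms  2.2 ms
 4  203.0.113.10 (203.0.113.10)  8.9 ms  8.6 ms  8.6 ms
 5  203.0.113.65 (203.0.113.65)  12.2 ms  12.0 ms  12.0 ms
 6  * * *
 7  203.0.113.130 (203.0.113.130)  18.3 ms  18.1 ms  18.1 ms
 8  203.0.113.200 (203.0.113.200)  19.1 ms  18.9 ms  19.0 ms
"""
# Run after the virtual PC was copied into a different network: the first
# hops differ and only the common tail of the route remains (as in FIG. 2).
OTHER_NETWORK_TRACE = """\
 1  198.51.100.1  0.3 ms  0.3 ms  0.3 ms
 2  198.51.100.254  0.9 ms  0.8 ms  0.8 ms
 3  203.0.113.65 (203.0.113.65)  4.0 ms  3.9 ms  3.9 ms
 4  * * *
 5  203.0.113.130 (203.0.113.130)  9.8 ms  9.7 ms  9.7 ms
 6  203.0.113.200 (203.0.113.200)  10.5 ms  10.4 ms  10.4 ms
"""
# Past ping times to the known server, in ms (constructed).
PAST_PINGS_MS = [110, 125, 132, 118, 140, 121, 129, 135, 115, 127]


if __name__ == "__main__":
    ref = parse_traceroute(REFERENCE_TRACE)
    for name, text in (("same network", SAME_NETWORK_TRACE),
                       ("other network", OTHER_NETWORK_TRACE)):
        print(name, "matches:", route_matches(ref, parse_traceroute(text)))
    print("ping range (ms):", ping_range(PAST_PINGS_MS))
```

With the FIG. 3 range of 5 to 7 matches, the same-network run (6 matches, one provider router changed) is not treated as a move, while the other-network run (3 matches) is. The learned ping range widens automatically on a noisier link, which is what keeps the load-dependent parameter from dominating the decision.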
  • FIG. 4 shows a block diagram of an example of an operating environment 2, 3 of an exemplary computer program product 1 in accordance with the present teachings.
  • FIG. 4 shows an example of an operating environment 2 having a network interface 8 that may be, for example, a computer server. A virtual operating environment 3 having a virtual network interface 9 is shown inside the operating environment 2. The virtual operating environment 3 may be, for example, a virtual PC that is executed as a computer program on the server 2. The computer program product 1 in accordance with the present teachings is installed in the virtual PC 3. The computer program product is designed to communicate via the virtual network interface 9 that is coupled to the actual network interface 8 of the computer server 2.
  • The actual network interface 8 is coupled to a data network 4 having an additional first computer system 5 and a second computer system 6 that are coupled to the data network 4. The data network 4 is also coupled to a standard gateway 10 that is configured to couple the data network 4 to the Internet 11. An Internet server 7 (e.g., the wikipedia.de server) is coupled to the Internet.
  • If the method in accordance with the present teachings or the computer program product 1 in accordance with the present teachings is executed in the illustrated operating environment 2, the additional first computer system 5 and the second computer system 6 may be recognized and stored, for example. The address of the standard gateway 10 may also be stored. In addition, the route and the ping time to the wikipedia.de server 7 may be stored.
  • If the virtual operating environment 3 were moved to another computer server in another computer network, the above-described parameters would be likely to change, and the move would be detectable.
  • While the present invention has been described above by reference to various embodiments, it should be understood that many changes and modifications may be made to the described embodiments. It is therefore intended that the foregoing description be regarded as illustrative rather than limiting, and that it be understood that all equivalents and/or combinations of embodiments are intended to be included in this description.
  • It is to be understood that the elements and features recited in the appended claims may be combined in different ways to produce new claims that likewise fall within the scope of the present invention. Thus, whereas the dependent claims appended below depend from only a single independent or dependent claim, it is to be understood that these dependent claims may, alternatively, be made to depend in the alternative from any preceding claim—whether independent or dependent—and that such new combinations are to be understood as forming a part of the present specification.

Claims (20)

1. A method for protecting a computer program product, the computer program product being configured for operation in an operating environment, the method comprising:
recording at least one operating parameter for the operating environment in which the computer program product is executed, wherein the at least one operating parameter is defined outside the operating environment;
comparing the recorded at least one operating parameter with a comparison value stored for the respective operating parameter; and
outputting a warning signal if a number of comparison results exceeds a predefined threshold value, wherein the comparison results indicate execution of the computer program product in a different operating environment than the operating environment in which the comparison values were recorded.
2. The method of claim 1, wherein the at least one operating parameter defined outside an operating environment comprises a subnet mask, predefined addresses of predefined systems of a data network coupled to the operating environment, or a subnet mask and predefined addresses of predefined systems of a data network coupled to the operating environment.
3. The method of claim 1, wherein the at least one operating parameter defined outside an operating environment comprises a DNS server address, an address of a standard gateway, or a DNS server address and an address of a standard gateway.
4. The method of claim 1, wherein the at least one operating parameter defined outside an operating environment comprises neighboring systems that are reachable by the computer program product in a data network.
5. The method of claim 1, wherein the at least one operating parameter defined outside an operating environment comprises SNMP devices that are reachable by the computer program product.
6. The method of claim 1, wherein the at least one operating parameter defined outside an operating environment comprises at least part of a network route to known Internet servers.
7. The method of claim 1, wherein the at least one operating parameter defined outside an operating environment comprises a data transmission time to at least one known Internet server.
8. The method of claim 1, wherein the respective operating parameter is compared with a defined comparison value, a range of values, a Boolean value, or a combination thereof.
9. The method of claim 1, wherein each of the at least one operating parameter is allocated a weighting, and wherein the number of comparison results is calculated using a weighted sum based on the allocated weighting.
10. The method of claim 1, further comprising preventing starting of the computer program product in addition to the outputting of the warning signal.
11. The method of claim 1, further comprising querying a license key in addition to the outputting of the warning signal.
12. A computer program product comprising computer instructions for carrying out a method for protecting a computer program product, the computer program product being configured for operation in an operating environment, the method comprising:
recording at least one operating parameter for the operating environment in which the computer program product is executed, wherein the at least one operating parameter is defined outside the operating environment;
comparing the recorded at least one operating parameter with a comparison value stored for the respective operating parameter; and
outputting a warning signal if a number of comparison results exceeds a predefined threshold value, wherein the comparison results indicate execution of the computer program product in a different operating environment than the operating environment in which the comparison values were recorded.
13. The computer program product of claim 12, wherein the computer program product comprises a library, a program module of a further computer program product, or a library and a program module of a further computer program product.
14. A non-transitory computer-readable storage medium having stored therein data representing instructions executable by a programmed processor for protecting a computer program product, the computer program product being configured for operation in an operating environment, the storage medium comprising instructions for:
recording at least one operating parameter for the operating environment in which the computer program product is executed, wherein the at least one operating parameter is defined outside the operating environment;
comparing the recorded at least one operating parameter with a comparison value stored for the respective operating parameter; and
outputting a warning signal if a number of comparison results exceeds a predefined threshold value, wherein the comparison results indicate execution of the computer program product in a different operating environment than the operating environment in which the comparison values were recorded.
15. The method of claim 2, wherein the at least one operating parameter defined outside an operating environment comprises a DNS server address, an address of a standard gateway, or a DNS server address and an address of a standard gateway.
16. The method of claim 2, wherein the at least one operating parameter defined outside an operating environment comprises neighboring systems that are reachable by the computer program product in a data network.
17. The method of claim 3, wherein the at least one operating parameter defined outside an operating environment comprises neighboring systems that are reachable by the computer program product in a data network.
18. The method of claim 2, wherein the at least one operating parameter defined outside an operating environment comprises SNMP devices that are reachable by the computer program product.
19. The method of claim 3, wherein the at least one operating parameter defined outside an operating environment comprises SNMP devices that are reachable by the computer program product.
20. The method of claim 4, wherein the at least one operating parameter defined outside an operating environment comprises SNMP devices that are reachable by the computer program product.

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
DE102012210747.9A DE102012210747A1 (en) 2012-06-25 2012-06-25 PROCESS FOR PROTECTING A COMPUTER PROGRAM PRODUCT, COMPUTER PROGRAM PRODUCT, AND COMPUTER READABLE STORAGE MEDIUM
DE102012210747 2012-06-25
DE102012210747.9 2012-06-25
PCT/EP2013/059213 WO2014000927A1 (en) 2012-06-25 2013-05-03 Method for protecting a computer program product, computer program product and computer-readable storage medium

Publications (2)

Publication Number Publication Date
US20150310192A1 true US20150310192A1 (en) 2015-10-29
US10268807B2 US10268807B2 (en) 2019-04-23

Family

ID=48463950

Family Applications (1)

Application Number Title Priority Date Filing Date
US14/411,086 Expired - Fee Related US10268807B2 (en) 2012-06-25 2013-05-03 Method for protecting a computer program product, computer program product and computer-readable storage medium

Country Status (6)

Country Link
US (1) US10268807B2 (en)
EP (1) EP2829038B1 (en)
KR (1) KR102131175B1 (en)
CN (1) CN104620553B (en)
DE (1) DE102012210747A1 (en)
WO (1) WO2014000927A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1224788B1 (en) * 1999-10-22 2004-06-23 Nomadix, Inc. Location-based identification for use in a communications network
US20040203648A1 (en) * 2002-07-22 2004-10-14 At&T Wireless Services, Inc. Methods and apparatus for formatting information for a communication
US20070027815A1 (en) * 2005-07-29 2007-02-01 Symantec Corporation Systems and methods for centralized subscription and license management in a small networking environment
US20090245122A1 (en) * 2003-01-23 2009-10-01 Maiocco James N System and method for monitoring global network performance
US20090328225A1 (en) * 2007-05-16 2009-12-31 Vmware, Inc. System and Methods for Enforcing Software License Compliance with Virtual Machines
US20100305989A1 (en) * 2009-05-27 2010-12-02 Ruicao Mu Method for fingerprinting and identifying internet users
US20120011241A1 (en) * 2008-02-22 2012-01-12 Etchegoyen Craig S License auditing of software usage by associating software activations with device identifiers

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2145068A1 (en) * 1992-09-21 1994-03-31 Ric Bailier Richardson System for software registration
US7359882B2 (en) 2001-05-11 2008-04-15 Bea Systems, Inc. Distributed run-time licensing
US8230058B2 (en) 2004-03-29 2012-07-24 Verizon Business Global Llc Health reporting mechanism for inter-network gateway
US8370416B2 (en) 2006-04-26 2013-02-05 Hewlett-Packard Development Company, L.P. Compatibility enforcement in clustered computing systems
CN101201883B (en) 2007-09-18 2010-04-14 北京赛柏科技有限责任公司 Software protection method based on virtual machine
US8205241B2 (en) 2008-01-30 2012-06-19 Microsoft Corporation Detection of hardware-based virtual machine environment
US20100333213A1 (en) 2009-06-24 2010-12-30 Craig Stephen Etchegoyen Systems and Methods for Determining Authorization to Operate Licensed Software Based on a Client Device Fingerprint
US20110296429A1 (en) * 2010-06-01 2011-12-01 International Business Machines Corporation System and method for management of license entitlements in a virtualized environment

Also Published As

Publication number Publication date
EP2829038B1 (en) 2016-03-02
EP2829038A1 (en) 2015-01-28
US10268807B2 (en) 2019-04-23
KR20150033684A (en) 2015-04-01
KR102131175B1 (en) 2020-07-07
CN104620553B (en) 2018-03-13
DE102012210747A1 (en) 2014-01-02
CN104620553A (en) 2015-05-13
WO2014000927A1 (en) 2014-01-03

Legal Events

Date Code Title Description
AS Assignment. Owner name: SIEMENS AKTIENGESELLSCHAFT, GERMANY. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BARTHOLDT, JOERG;DIPPL, SEBASTIAN;REEL/FRAME:035951/0580. Effective date: 20141024
STPP Information on status: patent application and granting procedure in general. Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED
STCF Information on status: patent grant. Free format text: PATENTED CASE
FEPP Fee payment procedure. Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY
LAPS Lapse for failure to pay maintenance fees. Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY
STCH Information on status: patent discontinuation. Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362
FP Lapsed due to failure to pay maintenance fee. Effective date: 20230423